GitHub Actions
Production-ready Certyn patterns for PR gates, deploy gates, and nightly regression.
Use either:
certyn/action@v1(thin wrapper over CLI), or- direct CLI steps in your workflow.
Both options are gitflow-agnostic and work at PR, deploy, and nightly decision points.
Pin for production
Start with certyn/action@v1, then pin to a full commit SHA after validation.
Prerequisites
Create a Certyn API key and store it as a GitHub secret.
Required secrets:
CERTYN_API_KEYCERTYN_PROJECT_SLUG
Optional variables:
CERTYN_API_URL(defaulthttps://api.certyn.io)CERTYN_ENVIRONMENT_KEY(defaultstaging)
Recommended API key scopes:
ci:triggerci:statusci:cancel
Option A: Wrapper action
name: Certyn PR Smoke Gate
on:
pull_request:
jobs:
certyn:
runs-on: ubuntu-latest
steps:
- name: Run Certyn
id: certyn
uses: certyn/action@v1
with:
api_url: ${{ vars.CERTYN_API_URL || 'https://api.certyn.io' }}
api_key: ${{ secrets.CERTYN_API_KEY }}
project_slug: ${{ secrets.CERTYN_PROJECT_SLUG }}
environment_key: ${{ vars.CERTYN_ENVIRONMENT_KEY || 'staging' }}
process_slug: smoke-suite
timeout_seconds: 1800
wait_for_completion: true
- name: Summary
if: always()
run: |
echo "## Certyn Result" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"
echo "- run_id: ${{ steps.certyn.outputs.run_id }}" >> "$GITHUB_STEP_SUMMARY"
echo "- status_url: ${{ steps.certyn.outputs.status_url }}" >> "$GITHUB_STEP_SUMMARY"
echo "- app_url: ${{ steps.certyn.outputs.app_url }}" >> "$GITHUB_STEP_SUMMARY"
echo "- failed: ${{ steps.certyn.outputs.failed }}" >> "$GITHUB_STEP_SUMMARY"
echo "- blocked: ${{ steps.certyn.outputs.blocked }}" >> "$GITHUB_STEP_SUMMARY"
Option B: Direct CLI workflow
name: Certyn Direct CLI
on:
workflow_dispatch:
jobs:
certyn:
runs-on: ubuntu-latest
steps:
- name: Install certyn CLI
run: |
curl -fsSL https://certyn.io/install | bash -s -- --version v0.1.0
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
- name: Run smoke gate
env:
CERTYN_API_URL: ${{ vars.CERTYN_API_URL || 'https://api.certyn.io' }}
CERTYN_API_KEY: ${{ secrets.CERTYN_API_KEY }}
CERTYN_PROJECT: ${{ secrets.CERTYN_PROJECT_SLUG }}
CERTYN_ENVIRONMENT: ${{ vars.CERTYN_ENVIRONMENT_KEY || 'staging' }}
run: |
certyn run smoke --timeout 30m
Reusable pattern examples
Use the same inputs for deploy and nightly gates:
- deploy gate:
process_slug: smoke-suite - nightly sweep:
process_slug: regression-suite - manual verification:
process_slug: smoke-suite, environment fromworkflow_dispatchinput
Post-failure triage
After the gate step fails, run triage commands locally or in a follow-up job:
certyn issues list --project my-app --activity attention
certyn executions for-issue --project my-app <issue-id>
certyn tests report --project my-app <testcase-id>
Reference: CLI Triage Workflows
For mutation and control workflows (issues update, tests update, executions retry/stop), see CLI Commands.
Gitflow mapping
| Team workflow | Where to place Certyn |
|---|---|
| Trunk-based | PR smoke gate, post-deploy smoke gate, nightly regression |
GitFlow (develop, release/*, main) | PR smoke on develop/release, post-deploy smoke on promotions, nightly regression |
| Custom model | Add smoke at merge and promotion gates, run regression on integration branch |
Required GitHub settings
- Branch protection: require the Certyn smoke gate check.
- Environment protection: require reviewers for production environments.
- Action pinning: pin action refs to commit SHAs in production repos.